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IN THE CLAIMS 

Please amend claims 1, 8 and 15 as set forth below. 

Please add new dependent claims 22-27. 

A complete claim listing begins on the next page. 
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1 . (currently amended) A method for restricting access to a set of physical resources 
in a distributed data processing system, the method comprising: 

determining a set of authorized resources for which a user is authorized to access, 
wherein the set of authorized resources is a subset of the set of physical resources; 

obtaining state information about the set of authorized resources; 

evaluating availability of the set of authorized resources by comparing the state 
information about the set of authorized resources against a configurable rule associated with one 
or more resources in the set of authorized resources; 

in response to evaluating availability of the set of authorized resources using the 
configurable rule, generating a list of a set of entitled resources for the user, wherein the set of 
entitled resources is a subset of the set of authorized resources; and 

preventing the user from accessing physical resources that are in the set of authorized 
resources but that are not in the set of entitled resources. 

2. (original) The method of claim 1 further comprising: 
sending an indication of the set of entitled resources to the user. 

3. (original) The method of claim 1 further comprising: 
responding to requests for the user to access the set of entitled resources. 

4. (cancelled) 

5. (original) The method of claim 1 further comprising: 

considering user attributes of the user while evaluating availability of the set of 
authorized resources. 

6. (cancelled) 
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7. (original) The method of claim 1 further comprising: 

gathering state information for the set of resources using a distributed monitoring 
application. 

8. (currently amended) An apparatus for restricting access to a set of physical 
resources in a distributed data processing system, the apparatus comprising: 

means for determining a set of authorized resources for which a user is authorized to 
access, wherein the set of authorized resources is a subset of the set of physical resources; 

means for obtaining state information about the set of authorized resources; 

means for evaluating availability of the set of authorized resources by comparing the state 
information about the set of authorized resources against a configurable rule associated with one 
or more resources in the set of authorized resources; 

means for generating a list of a set of entitled resources for the user in response to 
evaluating availability of the set of authorized resources, wherein the set of entitled resources is a 
subset of the set of authorized resources; and 

means for preventing the user from accessing physical resources that are in the set of 
authorized resources but that are not in the set of entitled resources. 

9. (original) The apparatus of claim 8 further comprising: 

means for sending an indication of the set of entitled resources to the user. 

10. (original) The apparatus of claim 8 further comprising: 

means for responding to requests for the user to access the set of entitled resources. 

11. (cancelled) 

12. (original) The apparatus of claim 8 further comprising: 

means for considering user attributes of the user while evaluating availability of the set of 
authorized resources. 
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13. (cancelled) 

14. (original) The apparatus of claim 8 further comprising: 

means for gathering state information for the set of resources using a distributed 
monitoring application. 

15. (currently amended) A computer program product in a computer readable medium 
for use in a distributed data processing system for restricting access to a set of physical resources, 
the computer program product comprising: 

means for determining a set of authorized resources for which a user is authorized to 
access, wherein the set of authorized resources is a subset of the set of physical resources; 

means for obtaining state information about the set of authorized resources; 

means for evaluating availability of the set of authorized resources by comparing the state 
information about the set of authorized resources against a configurable rule associated with one 
or more resources in the set of authorized resources; and 

means for generating a list of a set of entitled resources for the user in response to 
evaluating availability of the set of authorized resources, wherein the set of entitled resources is a 
subset of the set of authorized resources; and 

means for preventing the user from accessing physical resources that are in the set of 
authorized resources but that are not in the set of entitled resources. 

16. (original) The computer program product of claim 15 further comprising: 
means for sending an indication of the set of entitled resources to the user. 

17. (original) The computer program product of claim 15 further comprising: 
means for responding to requests for the user to access the set of entitled resources. 

18. (cancelled) 
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19. (original) The computer program product of claim 15 further comprising: 
means for considering user attributes of the user while evaluating availability of the set of 

authorized resources. 

20. (cancelled) 

21. (original) The computer program product of claim 15 further comprising: 
means for gathering state information for the set of resources using a distributed 

monitoring application. 

22. (new) The method as described in claim 1 wherein the set of resources are 
identified by Uniform Resource Identifiers (URIs), and the step of preventing the user from 
accessing resources includes providing the user a web page without a URI for an authorized 
resource that is not also an entitled resource. 

23. (new) The method as described in claim 1 wherein the set of entitled resources 
for the user includes a particular authorized resource that the user is entitled to access as a result 
of the evaluating step and further as a result of a given user status being met, wherein the 
particular authorized resource, although included in the set of entitled resources for the user, is 
omitted from a list of entitled resources for another user that does not then have the given user 
status. 

24. (new) The apparatus as described in claim 8 wherein the set of resources are 
identified by Uniform Resource Identifiers (URIs), and the means for preventing the user from 
accessing resources includes means for providing the user a web page without a URI for an 
authorized resource that is not also an entitled resource. 

25. (new) The apparatus as described in claim 8 wherein the set of entitled resources 
for the user includes a particular authorized resource that the user is entitled to access as a result 
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of the evaluation and further as a result of a given user status being met, wherein the particular 
authorized resource, although included in the set of entitled resources for the user, is omitted 
from a list of entitled resources for another user that does not then have the given user status. 

26. (new) The computer program product as described in claim 15 wherein the set of 
resources are identified by Uniform Resource Identifiers (URIs), and the means for preventing 
the user from accessing resources includes means for providing the user a web page without a 
URI for an authorized resource that is not also an entitled resource. 

27. (new) The computer program product as described in claim 15 wherein the set of 
entitled resources for the user includes a particular authorized resource that the user is entitled to 
access as a result of the evaluation and further as a result of a given user status being met, 
wherein the particular authorized resource, although included in the set of entitled resources for 
the user, is omitted from a list of entitled resources for another user that does not then have the 
given user status. 
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